EION Wireless has introduced TrustLink-256 technology to address the enhanced security requirements from todays network operators. TrustLink-256 includes strong data security features such as AES-256 encryption in addition to management security and user authentication. The TrustLink-256 security infrastructure software enhancements can be added to any StarPlus radio via software key upgrade.
TrustLink-256 builds on the base level TrustLink features available in all StarPlus products. TrustLink is a technology developed by EION Wireless for the delivery of high‑throughput, outdoor, multimedia rich applications in the unlicensed band. TrustLink Technology provides interference mitigation, increased system performance, low latency and Quality of Experience.
EION has taken a multiple tier approach to overall network security. The three pillars of our network security model are; Payload Security - ensuring that your data is secure using advanced encryption techniques, Management Security - ensuring that management traffic is secure and accessible to only authorized users, and Physical Security - ensuring that devices cannot be unknowingly tampered with.
EION TrustLink-256 technology uses advanced encryption techniques and filtering techniques to ensure that data on the network is secure and only visible to intended users.
The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) and is a requirement from the US government to protect SECRET and TOP SECRET information. TrustLink-256 implements the highest level of encryption, AES-256, however other key sizes are available in the software such as AES-128.
TrustLink-256 Trusted Network Peers
EION StarPlus radios form a closed private network infrastructure. Unlike WiFi products where a large number of different devices are able to connect, StarPlus radios will only communicate and authenticate with other StarPlus radios. This significantly reduces the possible attack vectors to the network.
Access Control Filtering
With the StarPlus access filtering capabilities, network operators can create whitelists or blacklists of devices to controls authentication and connection to StarPlus networks or to individual StarPlus base stations. Management Security The management security layer ensures that management traffic is secure and accessible to only authorized users within the network. Securing at the management layer is critical.
HTTPS/SSL Encryption of Management Traffic
All management traffic is encrypted using the highest level AES-256 encryption. Obviously if management traffic is not secure; any other traffic going over the link could be compromised.
Role Based Access Control
Fine grained role based control, allows access only when required. Different access levels can be assigned to users from the basic “read-only” account to a “full-access” administrator account. Role based access control allows complex organizations to distribute administration and management functions effectively without compromising internal security policies.
RADIUS Level Authentication
Rather than manage user access individually on each device, operators can centralize user access of large networks to a single RADIUS database. This approach reduces complexity when assigning management functions, aids with change management and integration with third party contractors as well as provides a method to manage and enforce corporate password policies and password expiry. The RADIUS authentication includes a fallback mode to local authentication in the event that the RADIUS service becomes compromised, the StarPlus network will remain secure.
Traps and Alarms
The StarPlus based management system ties into any standard SNMP capable NMS. Traps and alarms can be configured to immediately alert members of your team to downtime or suspicious activity on the network. Because the alerts are sent in real time, resources can be dispatched immediately to take corrective action. For example, if a unit is rebooted or if an ethernet cable is unplugged, the system can be configured to send immediate alerts.
If your organization separates traffic using VLANs, all of the management traffic can be segregated from the data payload to a separate VLAN for an added security measure.
An component of our security focus is on physical security. The inherent placement of radio units excludes them from being located in secure network locations like other rack-mounted network gear. Our focus on physical security prevents unwanted tampering or alteration of the equipment.
The rugged all-weather enclosure allows co-location on rooftops and masts limiting physical access. Products designed for critical infrastructure deployment are twice as thick as our conventional enclosures.
Tamper Proof Enclosure
Our most rugged enclosures which are typically used for border security applications are fastened with tamper resistant hardware. These units require specially designed tools to open the enclosure.
Placement of Devices
One advantage to broadband wireless devices compared to wire-line systems is the placement of devices on rooftops and masts is inherently secure and limits the opportunities for an attacker to tap in or eavesdrop on the communications. With wireless, the physical assets are located in a handful of discrete points as opposed to a wire-line system with long expanses of potentially exposed cabling.
TrustLink-256 technology that includes AES-256 and management security, combined with EION’s multi-layer approach to security provides network operators with a total security infrastructure solution.